Authorization mechanism

US 20030229812A1
Filed: 02/21/2003
Published: 12/11/2003
Est. Priority Date: 06/05/2002
Status: Abandoned Application

First Claim

Patent Images

1. A collaborative authorization process, comprising defining a set of roles in a first system, identifying a set of privileges corresponding to each of said roles in said first system, establishing a mapping of each role to corresponding privileges in a second system, and at runtime automatically granting access to a user according to privileges in the second system to which the user'"'"'s role in the first system maps.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A central authorization mechanism allows an employee of one company to use computing resources of another company based on a mapping of the user'"'"'s role in one company to a corresponding role in another company based on equivalence of respective privileges associated with the roles.

78 Citations

View as Search Results

16 Claims

1. A collaborative authorization process, comprising defining a set of roles in a first system, identifying a set of privileges corresponding to each of said roles in said first system, establishing a mapping of each role to corresponding privileges in a second system, and at runtime automatically granting access to a user according to privileges in the second system to which the user'"'"'s role in the first system maps.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The process of claim 1, wherein said first and second systems are located within different enterprises, so that there is a mapping of roles to privileges between enterprises.
  - 3. The process of claim 1, further comprising establishing a directory correlating the user ID with his or her role in the first system.
  - 4. The process of claim 1, wherein privileges in the second system are aggregated in roles, so that by mapping each role in the first system to corresponding privileges in a second system, roles in the first system are mapped to corresponding roles in the second system.
  - 5. The process of claim 3, wherein said first and second systems are located within different enterprises, so that there is a role mapping between enterprises.

6. A collaborative authorization process, comprising defining a set of roles in a first enterprise, identifying a set of privileges corresponding to each said role in said first enterprise, establishing an mapping of the role to a corresponding role in a second enterprise having a corresponding set of privileges, establishing a directory correlating the user ID with his or her role in the first enterprise, and at runtime automatically granting access to the user based on privileges associated with the role in the second enterprise to which said role in the first enterprise maps.

7. A collaborative authorization process, comprising mapping a set of roles in one system onto a set of roles in another system according to the equivalence of their respective privileges, to establish a role-mapping from one enterprise to the another, when a user in one enterprise applies for authorization to gain access to a resource in the other system, identifying the user'"'"'s role in said one system and using the pre-existing role-mapping to ascertain the corresponding role, with corresponding privileges in the other system, and then based on the privileges conferred on the corresponding role in the other system, granting or denying the user access to the resource.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The process of claim 7, wherein mapping the roles is carried out by decomposing roles into their associated privileges, establishing a common vocabulary to define the privileges in terms of resource access and any qualifying parameters as to the extent or conditions upon which access is granted, identifying identical privileges mirrored between the two systems, identifying equivalent privileges between the two systems, aggregating the corresponding mirrored and equivalent privileges into sets of privileges corresponding to roles, and identifying matching roles in the two systems based on the identity or equivalence of the privileges conferred on the roles.
  - 9. The process of claim 8, wherein both systems share a common vocabulary for defining roles and privileges
  - 10. The process of claims 7, 8 or 9, wherein the systems are within different enterprises.
  - 11. The process of claims 7, 8 or 9, where in the systems are different enterprises.

12. A collaborative authorization process, comprising defining a set of privileges in a first system, establishing a mapping of each said set of privileges to corresponding roles in a second system, and at runtime automatically granting access to a user according to privileges associated with the roles in the second system to which the user'"'"'s set of privileges in the first system maps.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The process of claim 12, wherein said first and second systems are located within different enterprises, so that there is a mapping of roles to privileges between enterprises.
  - 14. The process of claim 12, further comprising establishing a directory correlating the user ID with his or her privileges in the first system.
  - 15. The process of claim 12, wherein privileges in the second system are aggregated in roles, so that by mapping each set of privileges in the first system to corresponding roles in a second system, privileges in the first system are mapped to corresponding sets of privileges in the second system.
  - 16. The process of claim 15, wherein said first and second systems are located within different enterprises, so that there is a mapping of privileges between enterprises.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP AG (SAP SE)
Original Assignee
SAP AG (SAP SE)
Inventors
Buchholz, Cristina

Application Number

US10/372,030
Publication Number

US 20030229812A1
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

G06Q 10/10   Office automation; Time man...

H04L 63/105   Multiple levels of security

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

H04L 69/08   Protocols for interworking;...

H04L 9/40   Network security protocols

Authorization mechanism

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

78 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization mechanism

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links